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DESCRIPTION 

CENTRALIZED MANAGEMENT AUTHENTICATION APPARATUS 

Technical Field 
5 The present invention relates to a centralized 

management authentication apparatus and wireless 
terminal authentication method for authenticating a 
wireless terminal apparatus to enable the wireless 
terminal apparatus to perform roaming between different 
10 wireless networks such as, a cellular wireless network 
and wireless local area network. 



Background Art 

Conventionally, practically-used wireless 

15 communication systems have broadly been classified into 
two groups. One is a cellular wireless network typified 
by GSM (Global System for Mobile communications) and PDC 
(Personal Digital Cellular) . The other one is a wireless 
local area network (hereinafter, referred to as a wireless 

20 LAN network) typified by IEEE8 02 . lla/b and Hyper LAN2 . 

The cellular wireless network enables a wireless 
terminal apparatus to be used across a wide range, and 
is a dominant system as a speech communication system. 
However, the cellular wireless network may have problems 

25 with the capacity when a large number of users exist and 
thus the communication density is high, and therefore, 
is not able to support future large-capacity data 



2 

transmission sufficiently. In contrast thereto, the 
wireless LAN network provides the transmission capacity 
of maximum 11Mbps in IEEE802.11b, and the transmission 
capacity of maximum 54Mbps in IEEE802 . 11a and Hyper LAN2, 
5 and is thus able to support future large-capacity data 
transmission adequately. However, the wireless LAN 
network is insufficient in Location management control 
available in the cellular wireless network, and makes 
it difficult using a wireless terminal apparatus across 

10 a wide range . 

Meanwhile , wireless communication systems have been 
proposed that integrate different wireless networks 
typified by the cellular wireless network and wireless 
LAN network. As an example of the systems, there is a 

15 system described in Japanese Laid-Open Patent Publication 
H09-200825 . 

In such a wireless communication system, in order 
to achieve seamless roaming between different wireless 
networks, it is necessary to perform centralized 
20 management of authentication that is performed when a 
wireless terminal apparatus gains access to each wireless 
network . 

However, in the case of performing centralized 
management of authentication on the entire wireless 
25 networks, since a wireless terminal apparatus needs to 
access an apparatus that performs the centralized 
management whenever the terminal moves between wireless 
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networks, it takes time to authenticate, and there arise 
problems that the interval required for handover 
increases and that quality deterioration such as packet 
loss occurs. The problems become more remarkable, as 
5 the number of wireless networks increases and the scale 
becomes larger. 

Disclosure of Invention 

It is an object of the present invention to provide 

10 a centralized management authentication apparatus and 
wireless terminal authentication method enabling 
reduction in time required for authentication that is 
performed when a wireless terminal apparatus moves 
between wireless networks. 

15 The object is achieved by managing location 

information of a wireless terminal apparatus and service 
area information of each wireless network, and notifying 
at least one wireless network that provides communication 
services around a current location of the wireless 

20 terminal apparatus of authentication information 
required for authentication of the wireless terminal 
apparatus before the wireless terminal apparatus performs 
handover to move to the network. 

25 Brief Description of Drawings 

FIG.l is a block diagram illustrating an entire 
configuration of a wireless communication system 



according to Embodiment 1 of the present invention; 

FIG. 2 is a block diagram illustrating a schematic 
configuration of a location management apparatus provided 
on a cellular wireless network constituting part of the 
5 wireless communication system according to Embodiment 
1 of the invention; 

FIG. 3 is a block diagram illustrating a schematic 
configuration of a centralized management authentication 
apparatus provided on the cellular wireless network 
10 constituting part of the wireless communication system 
according to Embodiment 1 of the invention; 

FIG. 4 is a block diagram illustrating a schematic 
configuration of an authentication apparatus provided 
on a wireless LAN network constituting part of the wireless 
15 communication system according to Embodiment 1 of the 
invention ; 

FIG. 5 is a block diagram illustrating a schematic 
configuration of a wireless terminal apparatus usable 
in the wireless communication system according to 
20 Embodiment 1 of the invention; 

FIG. 6 is a block diagram illustrating an entire 
configuration of a wireless communication system 
according to Embodiment 2 of the present invention; 

FIG. 7 is a block diagram illustrating a schematic 
25 configuration of an authentication apparatus provided 
on a cellular wireless network constituting part of the 
wireless communication system according to Embodiment 



2 of the invention; 

FIG. 8 is a block diagram illustrating a schematic 
configuration of a location management apparatus provided 
on the cellular wireless network constituting part of 
the wireless communication system according to Embodiment 
2 of the invention; and 

FIG. 9 is a block diagram illustrating a schematic 
configuration of a wireless terminal apparatus usable 
in a wireless communication system according to 
Embodiment 3 of the invention. 

Best Mode for Carrying Out the Invention 

Embodiments of the present invention will 
specifically be described below with reference to 
accompanying drawings . 
(Embodiment 1) 

FIG.l is a block diagram illustrating a 
configuration of a wireless communication system 
according to Embodiment 1 of the present invention. 

The wireless communication system according to this 
Embodiment is obtained by combining a single cellular 
wireless network 1 and a plurality of wireless local area 
networks (hereinafter referred to as wireless LAN 
networks ) , 2-1 , 2-2 , 2-1 , 2-n . 

Cellular wireless network 1 is provided with 
centralized management authentication apparatus 10 f 
authentication information generating apparatus 11, user 
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data management apparatus 12, location management 
apparatus 13, radio base station 14 and radio base station 
15. Cent ralized management authentication apparatus 10 
performs centralized management of authentication of a 
5 wireless terminal apparatus performed on each of a 
plurality of wireless LAN networks, 2-1 to 2-n. 
Authentication information generating apparatus 11 
generates authentication information to manage a wireless 
terminal apparatus. User data management apparatus 12 

10 manages the detail of user contract such as a roaming 
contract. Location management apparatus 13 manages a 
current location of a wireless terminal apparatus. Each 
of radio base stations 14 and 15 provides communication 
services to a wireless terminal apparatus that moves into 

15 service area 3 of the base station. 

Location management apparatus 13 performs location 
management on a cellular-wireless-area basis, and as 
shown in FIG. 2, is provided with wireless terminal 
location management section 1301 and service area 

20 management section 1302. Wireless terminal location 
management section 1301 manages a current location of 
each of wireless terminal apparatuses 30-1 to 30-4. 
Service area management section 1302 of location 
management apparatus 13 manages service area information 

25 of each of wireless LAN networks 2-1 to 2-n. 

As shown in FIG. 3, centralized management 
authentication apparatus 10 is provided with 
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authentication information notification destination 
search section 101, authentication information 
management section 102 and authentication section 103. 
Authentication information notification destination 
5 search section 101 acquires the wireless terminal 
location information and service area information managed 
in location management apparatus 13, and thereby searches 
for a wireless LAN network having a service area around 
a current location of a wireless terminal apparatus. 

10 Then, authentication information notification 

destination search section 101 notifies authentication 
information management section 102 of the searched 
wireless LAN network. Authentication information 
management section 102 notifies the wireless LAN network 

15 searched by authentication information notification 
destination search section 101 of the authentication 
information acquired from authentication information 
generating apparatus 11. In other words , authentication 
information management section 102 notifies the 

20 authentication information to the wireless LAN network 
having a service area around the current location of the 
wireless terminal apparatus. 

Each of wireless LAN networks 2-1 to 2-n is comprised 
of authentication apparatus 20 and radio base stations 

25 20 and 21. As shown in FIG. 4, authentication apparatus 
2 0 is provided with authentication information management 
section 201 and authentication section 202. 
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Authentication information management section 201 
manages authentication information of a wireless terminal 
apparatus, requests the authentication information to 
centralized management authentication apparatus 10 of 
5 cellular wireless network 1, and thereby manages the 
authentication information notified from centralized 
management authentication apparatus 10. 

Authentication section 202 receives an authentication 
request signal from a wireless terminal apparatus, and 

10 thereby checks whether the authentication information 
of the wireless terminal apparatus is stored in 
authentication information management section 201. 
When the authentication information is stored in 
authentication information management section 201, 

15 authentication section 202 performs authentication 
processing according the authentication algorithm. In 
contrast thereto, when the authentication information 
is not stored in authentication information management 
section 201, authentication information management 

20 section 201 transmits an authentication information 
request to centralized management authentication 
apparatus 10 of cellular wireless network 1, and acquires 
the authentication information. 

As shown in FIG.l, each of radio base stations 21 

25 and 22 of each of wireless LAN networks 2-1 to 2-n manages 
a single service area. In other words, on wireless LAN 
network 2-1, radio base station 21 manages service area 



0 

9 

4-1, while radio base station 22 manages service area 
4-2. On wireless LAN network 2-2, radio base station 

21 manages service area 4-3, while radio base station 

22 manages service area 4-4. On wireless LAN network 
5 2-i, radio base station 21 manages service area 4-il, 

while radio base station 22 manages service area 4-i2. 
On wireless LAN network 2-n, radio base station 21 manages 
service area 4-nl, while radio base station 22 manages 
service area 4-n2. 

10 As shown in FIG. 5, each of wireless terminal 

apparatuses 30-1 to 30-4 is provided with two radio signal 
transmission/reception sections, 301 and 302, and 
authentication section 303. Radio signal 

transmission/reception section 301 communicates with 

15 cellular wireless network 1, and performs processing for 
establishing a wireless channel with radio base station 
14 or 15 of the network 1 in performing communications. 
Meanwhile, radio signal transmission/reception section 
302 communicates with wireless LAN networks 2-1 to 2-n. 

20 Authentication section 303 exchanges the 

authentication information with authentication section 
103 of centralized management authentication apparatus 
10 on cellular wireless network 1. Authentication 
section 303 has a non-public authentication key common 

25 to authentication section 103 of centralized management 
authentication apparatus 10, and using the authentication 
key, exchanges the authentication information based on 
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the same authentication algorithm. The authentication 
information is obtained from authentication information 
generating apparatus 11 of cellular wireless network 1, 
and managed in authentication information management 
5 section 102 of centralized management authentication 
apparatus 10 . 

In the wireless communication system thus obtained 
by combining cellular wireless network 1 and a plurality 
of wireless LAN networks, 2-1 to 2-n, wireless terminal 
10 apparatuses 30-1 to 30-4 move inside service areas of 
cellular wireless network 1, and inside service areas 
4-1, 4-2, ...,4-il, 4-i2 , 4-nl and 4-n2 managed by radio 
base stations 21 or 22 of wireless LAN networks 2-1 to 
2-n. 

15 Explained below is authentication of wireless 

terminal apparatuses 30-1 to 30-4 in the wireless 
communication system according to this Embodiment. In 
addition, in this explanation, the case of authenticating 
wireless terminal apparatus 30-1 is described as one 

20 example . 

Described first is authentication operation in the 
case of switching the power supply of wireless terminal 
apparatus 30-1 from off to on. 

When wireless terminal apparatus 30-1 connects to 
25 cellular wireless network 1, radio signal 
transmission/reception section 301 of wireless terminal 
apparatus 30-1 performs processing for establishing a 
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wireless channel with radio base station 14 or 15 of 
cellular wireless network 1, and then, according to the 
authentication algorithm, authentication section 303 of 
wireless terminal apparatus 30-1 exchanges an 
5 authentication signal with centralized management 
authentication apparatus 10 of cellular wireless network 
1 and performs authentication. 

Meanwhile, when wireless terminal apparatus 30-1 
connects to wireless LAN network 2-1, 2-2 , 2-i , ... or 2-n 

10 (hereinafter, the case of connecting to wireless LAN 
network 2-1 is described as an example), radio signal 
transmission/reception section 302 of wireless terminal 
apparatus 30-1 performs processing for establishing a 
wireless channel with radio base station 21 or 22 of 

15 wireless LAN network 2-1, and then, wireless terminal 
apparatus 30-1 gains access to authentication apparatus 
20 of wireless LAN network 2-1. At this point, wireless 
terminal apparatus 30-1 transmits an ID (identification 
information) of the apparatus 30-1 to let the apparatus 

20 20 know which wireless terminal apparatus requests 
access . 

In authentication apparatus 20 of wireless LAN 
network 2-1, authentication section 202 receives an 
authentication request signal from wireless terminal 
25 apparatus 30-1, and checks whether authentication 
information management section 201 manages a series of 
authentication information of wireless terminal 
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apparatus 30-1. When the section 201 does not manage 
the authentication information, authentication 
information management section 201 ' transmits an 
authentication information request to centralized 
5 management authentication apparatus 10 of cellular 
wireless network 1, and acquires the authentication 
information of wireless terminal apparatus 30-1. When 
authentication information management section 201 
acquires the authentication information, authentication 
10 section 202 exchanges an authentication signal with 
wireless terminal apparatus 30-1 and performs 
authentication according to the same authentication 
algorithm as in authentication on cellular wireless 
network 1 . 

15 Authentication when wireless terminal apparatus 

30-1 moves will be described below. 

Explained first is authentication when wireless 
terminal apparatus 30-1 moves inside the same wireless 
LAN network. 

20 Authentication is required whenever the service 

area is varied (i.e. whenever the radio base station to 
connect is varied) also when wireless terminal apparatus 
30-1 moves inside the same wireless LAN network, 2-1. 
Authentication apparatus 20 of wireless LAN network 2-1 

25 stores the authentication information acquired from 
centralized management authentication apparatus 10 of 
cellular wireless network 1 when wireless terminal 
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apparatus 30-1 has first connected to wireless LAN network 
2-1, and wireless terminal apparatus 30-1 thereby 
completes the authentication only by gaining access to 
authentication apparatus 20. 
5 In other words, when wireless terminal apparatus 

30-1 is turned on and first gains access to wireless LAN 
network 2-1, the apparatus 30-1 performs authentication 
by accessing centralized management authentication 10 
of cellular wireless network 1 via authentication 

10 apparatus 20 of wireless LAN network 2-1. Thereafter, 
in migration inside the same wireless LAN network, 2-1, 
wireless terminal apparatus 30-1 performs authentication 
by gaining access to authentication apparatus 20 of 
wireless LAN network 2-1. 

15 Authentication when wireless terminal apparatus 

30-1 moves to a different wireless LAN network will be 
described below. 

Authentication is performed as described below when 
wireless terminal apparatus 30-1 moves to an adjacent 

20 different wireless LAN network. First, a current 
location of wireless terminal apparatus 30-1 is detected 
by location management function on a 

cellular-wireless-area basis of cellular wireless 
network 1. The detected current location of wireless 

25 terminal apparatus 30-1 is managed in wireless terminal 
location management section 1301 (see FIG. 2) of location 
management apparatus 13. In addition, service area 
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management section 1302 manages the service area 
information of each of wireless LAN networks 2-1 to 2-n. 

In cent ral i zed management authentication apparatus 
10 of cellular wireless network 1, authentication 
5 information notification destination search section 101 
acquires location information of the wireless terminal 
apparatus and the service area information of each of 
wireless LAN networks 2-1 to 2-n managed in location 
management apparatus 13 of cellular wireless network 

10 l,and based on the information, identifies a wireless 
LAN network having a service area around the current 
location of wireless terminal apparatus 30-1. Then, 
authentication information notification destination 
search section 101 notifies authentication information 

15 management section 102 of the identified wireless LAN 
network. By receiving the notification, authentication 
information management section 102 notifies the 
authentication information to authentication apparatus 
20 of the wireless LAN network having the service area 

20 around the current location of wireless terminal 
apparatus 30-1 . 

Herein, for example, assuming that authentication 
information management section 102 notifies the 
authentication information to authentication apparatus 

25 20 of wireless LAN network 2-2, in authentication 
apparatus 20 of the network 2-2, authentication 
information management section 201 manages the notified 
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authentication information. By this means, also when 
wireless terminal apparatus 30-1 moves to an adjacent 
wireless LAN network, 2-2, wireless terminal apparatus 
30-1 is able to complete authentication only by accessing 
5 authentication apparatus 20 on wireless LAN network 2-2. 
Since the time required for authentication is thus reduced, 
it is possible to shorten the handover interval. In 
addition, a case may occur that a plurality of wireless 
LAN networks exists which has the service area around 
10 the current location of wireless terminal apparatus 3 0-1 . 
In such a case, the authentication information is notified 
to authentication apparatuses 20 of all the wireless LAN 
networks . 

When wireless terminal apparatus 30-1 moves to a 
15 service area of some wireless LAN network from service 
area 3 of cellular wireless network 1, as in migration 
between different wireless LAN networks, authentication 
information notification destination search section 101 
identifies a wireless LAN network having a service area 
20 around the current location of wireless terminal 
apparatus 30-1, and authentication information 
management section 102 beforehand notifies the 
authentication information to authentication apparatus 
20 of the wireless LAN network, whereby it is possible 
2 5 to reduce the time required for authentication. Further, 
also when wireless terminal apparatus 30-1 performing 
communications via cellular wireless network 1 enters 
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a service area of a wireless LAN network existing on 
cellular wireless network 1 and switches to the wireless 
LAN network to perform communications, as in migration 
between different wireless LAN networks, authentication 
5 information notification destination search section 101 
identifies a wireless LAN network having a service area 
around the current location of the wireless terminal 
apparatus, and authentication information management 
section 102 beforehand notifies the authentication 

10 information to authentication apparatus 20 of the 
wireless LAN network, whereby it is possible to reduce 
the time required for authentication. 

Moreover, when wireless terminal apparatus 30-1 
moves from some wireless LAN network to cellular wireless 

15 network 1 or moves inside cellular wireless network 1, 
according to the general authentication sequence 
performed in the location registration sequence on 
cellular wireless network 1, authentication is performed 
between authentication section 303 of the wireless 

20 terminal apparatus and authentication section 103 of 
centralized management authentication apparatus 10 of 
cellular wireless network 1. Naturally, when wireless 
terminal apparatus 30-1 moves between different types 
of networks or different providers, after mutually 

25 checking whether roaming is supported, the authentication 
information is notified. User data management apparatus 
12 stores the detail of user contract such as a roaming 



contract . 

The aforementioned notification of the 
authentication information from centralized management 
authentication apparatus 10 to authentication apparatus 
5 20 of each of wireless LAN networks 2-1 to 2-n is only 
performed when a wireless terminal apparatus first gains 
access to each of wireless LAN networks 2-1 to 2-n, but 
the once notified information is not used semipermanently 
In order to enhance security of a wireless channel on 

10 the wireless LAN network, it is desired changing an 
encryption key of the wireless channel at constant 
intervals. Accordingly, it is desired that centralized 
management authentication apparatus 10 notifies the 
authentication information including an encryption key 

15 of a wireless channel whenever a wireless terminal 
apparatus gains access to each wireless LAN network, or 
at constant intervals. 

Thus, according to Embodiment 1 of the invention, 
by managing the location information of a wireless 

20 terminal apparatus and the service area information of 
each of wireless LAN networks 2-1 to 2-n, and beforehand 
notifying the authentication information to a wireless 
LAN network around a current location of the wireless 
terminal apparatus before the terminal moves to the 

25 wireless LAN network, the authentication time is 
shortened inmigration of the wireless terminal apparatus 
on the same wireless LAN network or between different 
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wireless LAN networks, the interval required for handover 
is thereby reduced, and thus, quality deterioration due 
to the handover does not occur such as packet loss. 
(Embodiment 2) 

5 FIG. 6 is a block diagram illustrating an entire 

configuration of a wireless communication system 
according to Embodiment 2 of the present invention. In 
addition, in Embodiment 2 of the invention, the same 
structural elements as in Embodiment 1 of the invention 

10 are assigned the same reference numerals to omit 
descriptions thereof. 

In a wireless communication system according to this 
Embodiment, centralized management authentication 
apparatus 10 is installed in a service provider unit 

15 (herein, called authentication provider unit) that 
performs centralized management of authentication on the 
entire network, while centralized management 
authentication apparatus 10 is installed on cellular 
wireless network 1 in the above-mentioned wireless 

20 communication system according to Embodiment 1. 

In FIG. 6, cellular wireless network 5 is provided 
with authentication apparatus 23, authentication 
information generating apparatus 11, location management 
apparatus 24, radio base station 14 and radio base station 

25 15. Authentication provider unit 6 has centralized 
authentication management apparatus 10, authentication 
information generating apparatus 25, location management 
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apparatus 26 and user data management apparatus 27. As 
in Embodiment 1, each of wireless LAN networks 2-1 to 
2-n is provided with authentication apparatus 20, radio 
base station 21 and radio base station 22. As shown in 
5 FIG. 7, authentication apparatus 23 is provided with 
authentication information management section 2301 and 
authentication section 2302. As shown in FIG . 8, location 
management apparatus 24 is provided with wireless 
terminal location management section 2401 that manages 

10 location of wireless terminal apparatuses. 

Explained below is authentication of wireless 
terminal apparatuses in the wireless communication system 
according to this Embodiment. In addition, in this 
explanation, the case of authenticating wireless terminal 

15 apparatus 30-1 is described as one example. 

Described first is authentication in the case of 
switching the power supply of wireless terminal apparatus 
30-1 from off to on to connect to a network. 

When wireless terminal apparatus 30-1 connects to 

20 cellular wireless network 5, in wireless terminal 
apparatus 30-1, radio signal transmission/reception 
section 301 (see FIG. 5) to connect to cellular wireless 
network 5 performs processing for establishing a wireless 
channel with radio base station 14 or 15 of cellular 

25 wireless network 5, and then, authentication section 303 
exchanges authentication information with 

authentication apparatus 23 (see FIG. 7) installed on 
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cellular wireless network 5. The authentication is 
carried out in the same authentication procedures as in 
Embodiment 1 . 

Meanwhile, when wireless terminal apparatus 30-1 
5 connects to wireless LAN network 2-1, radio signal 
transmission/reception section 302 (see FIG. 4) to connect 
to wireless LAN network 2-1 performs processing for 
establishing a wireless channel with radio base station 
21 or 22 of wireless LAN network 2-1, and then, wireless 

10 terminal apparatus 30-1 gains access to authentication 
apparatus 20 of wireless LAN network 2-1 . At this point, 
wireless terminal apparatus 30-1 transmits an ID of the 
apparatus 30-1 to let the apparatus 20 know which wireless 
terminal apparatus requests access. 

15 In authentication apparatus 20, as shown in FIG. 4, 

authentication section 202 receives an authentication 
request signal, and checks whether authentication 
information management section 201 stores a series of 
authentication information of wireless terminal 

20 apparatus 30-1 that has requested authentication. When 
the section 201 does not store the information, 
authentication apparatus 20 transmits an authentication 
information request to centralized management 
authentication apparatus 10 of authentication provider 

25 unit 6, and acquires the authentication information to 
authenticate. Herein, used as the authentication 
algorithm is one standardized in wireless LAN systems 



(such as, IEEE802.IX). 

In this Embodiment, it is possible to use specific 
authentication algorithms in access to cellular wireless 
network 5 and access to wireless LAN networks 2-1 to 2-n. 
5 Naturally, it is also possible that the same algorithm 
is used as authentication algorithms in cellular wireless 
network 5 and wireless LAN networks 2-1 to 2-n, and that 
the authentication provider performs centralized 
management of the authentication information, and 

10 notifies the information to authentication apparatus 23 
of cellular wireless network 5 from centralized 
management authentication apparatus 10. 

Authentication when wireless terminal apparatus 
30-1 moves will be described below. 

15 Authentication to connect is required whenever the 

service area is varied (i.e. whenever the radio base 
station to connect is varied) also when wireless terminal 
apparatus 30-1 moves inside the same wireless LAN network. 
As in Embodiment 1, authentication apparatus 20 stores 

20 the authentication information acquired from centralized 
management authentication apparatus 10 when wireless 
terminal apparatus 30-1 has first connected to the 
wireless LAN network, and wireless terminal apparatus 
30-1 thereby completes the authentication only by gaining 

25 access to authentication apparatus 20. In other words, 
when wireless terminal apparatus 30-1 is turned on and 
first gains access to a wireless LAN network, the terminal 
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apparatus 30-1 gains access to centralized management 
authentication apparatus 10 of authentication provider 
unit 6 via authentication apparatus 20 of the wireless 
LAN network. Thereafter, in migration inside the same 
5 wireless LAN network, wireless terminal apparatus 30-1 
gains access to authentication apparatus 20. 

With respect to authentication when wireless 
terminal apparatus 30-1 moves to an adjacent different 
wireless LAN network, in authentication provider unit 

10 6, location management apparatus 26 uses the location 
management function on a cellular-area basis of cellular 
wireless network 5, and acquires a location position of 
the wireless terminal apparatus. In other words, 
location management apparatus 26 of authentication 

15 provider unit 6 acquires the current location of the 
wireless terminal apparatus from location management 
apparatus 24 of cellular wireless network 5. Then, 
location management apparatus 26 manages the location 
information of the wireless terminal apparatus, as well 

20 as the service area information of each of wireless LAN 
networks 2-1 to 2-n. 

In centralized management authentication apparatus 
10, authentication information notification destination 
search section 101 (see FIG. 3) acquires the location 

25 information of the wireless terminal apparatus and the 
service area information of each of wireless LAN networks 
2-1 to 2-n from location management apparatus 26, and 
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based on the information, identifies a wireless LAN 
network having a service area around the current location 
of wireless terminal apparatus. Then, centralized 

management authentication apparatus 10 notifies 
5 authentication information management section 102 (see 
FIG. 3) of the identified wireless LAN network. 
Authentication information management section 102 
notifies the authentication information to 
authentication apparatus 20 of the wireless LAN network 

10 to be notified. Authentication apparatus 20 stores the 
notified authentication information. By this means, 
also when wireless terminal apparatus 30-1 moves to an 
adjacent wireless LAN network, wireless terminal 
apparatus 30-1 is able to complete authentication only 

15 by accessing authentication apparatus 20 on the wireless 
LAN network, and it is thus possible to reduce the time 
required for authentication and the handover interval. 

When wireless terminal apparatus 30-1 moves to a 
service area of some wireless LAN network from service 

20 area 3 of cellular wireless network 5, as in movement 
between different wireless LAN networks, authentication 
information notification destination search section 101 
of centralized management authentication apparatus 10 
identifies a wireless LAN network having a service area 

25 around the current location of the wireless terminal 
apparatus, and authentication information management 
section 102 of centralized management authentication 
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apparatus 10 beforehand notifies the authentication 
information to the authentication apparatus of the 
wireless LAN network. Therefore, the time required for 
authentication can be decreased, and it is thus possible 
5 to reduce the handover interval. Further, also when 
wireless terminal apparatus 30-1 performing 
communications via cellular wireless network 5 enters 
a service area of a wireless LAN network existing on 
cellular wireless network 5 and switches to the wireless 

10 LAN network to perform communications, as in movement 
between different wireless LAN networks, authentication 
information notification destination search section 101 
of centralized management authentication apparatus 10 
identifies a wireless LAN network having a service area 

15 around the current location of the wireless terminal 
apparatus, and authentication information management 
section 102 of centralized management authentication 
apparatus 10 beforehand notifies the authentication 
information to the authentication apparatus of the 

20 wireless LAN network. Therefore, the time required for 
authentication can be reduced, and it is thus possible 
to decrease the handover interval. 

Moreover, when wireless terminal apparatus 30-1 
moves from some wireless LAN network to the cellular 

25 wireless network or moves inside the cellular wireless 
network, according to the general authentication sequence 
performed in the location registration sequence on the 
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cellular wireless network, authentication is performed 
between the authentication section of the wireless 
terminal apparatus and the authentication section of the 
centralized management authentication apparatus. 
5 Naturally, when wireless terminal apparatus 30-1 moves 
between different types of networks or different 
providers, after mutually checking whether roaming is 
supported, the authentication information is notified. 
User data management apparatus 27 stores the detail of 

10 user contract such as a roaming contract. 

The aforementioned notification of the 
authentication information from centralized management 
authentication apparatus 10 to authentication apparatus 
20 of each of wireless LAN networks 2-1 to 2-n is not 

15 limited to first access of wireless terminal apparatus 
30-1 to each wireless LAN network. In order to enhance 
security of a wireless channel on the wireless LAN network, 
it is desired changing an encryption key of the wireless 
channel at constant intervals. Accordingly, it is 

20 desired that centralized management authentication 
- apparatus 10 notifies the authentication information 
including an encryption key of a wireless channel whenever 
a wireless terminal apparatus gains access to each 
wireless LAN network, or at constant intervals . 

25 Thus, according to Embodiment 2 of the invention, 

the centralized management apparatus 10 of the wireless 
communication system according to this Embodiment is 
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installed in the service provider equipment that performs 
centralized management of authentication on the entire 
network, whereby the authentication time is shortened 
in migration of a wireless terminal apparatus inside the 
5 same wireless LAN network or between different wireless 
LAN networks, the interval required for handover is 
thereby reduced, and thus, quality deterioration due to 
the handover does not occur such as packet loss. 
(Embodiment 3) 

10 As shown in a block diagram of FIG. 9, in a wireless 

communication system according to Embodiment 3 of the 
invention, wireless terminal apparatus 40 is provided 
with location detecting section 401 using GPS (Global 
Positioning System), and always notifies its current 

15 location to location management apparatus 13 on cellular 
wireless network 1. 

In the above-mentioned wireless communication 
systems according to Embodiments 1 and 2, the location 
management function of cellular wireless networks 1 and 

20 5 used in location information of wireless terminal 
apparatuses 30-1 to 30-4 serves on an area basis on the 
cellular wireless network, and has the accuracy of the 
order of a few kilometers . In contrast thereto, location 
detecting section 401 using GPS has the accuracy of the 

25 order of a few tens of meters, and is capable of performing 
location detection of a wireless terminal apparatus with 
highac curacy. By this means, thewireless communication 
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system according to this Embodiment is capable of 
narrowing a search for a wireless LAN network having a 
service area around a current location of a wireless 
terminal apparatus, thereby reducing the number of 
5 wireless LAN networks to notify to authentication 
information, and further reducing the traffic of control 
signal such as the authentication information on the 
entire network. 

(Embodiment 4) 

10 In a wireless communication system according to 

Embodiment 4 of the invention, radio base station 21 or 
22 of each of wireless LAN networks 2-1 to 2-n is provided 
with a location detecting section (not shown in the figure) 
such as GPS, and notifies location management apparatus 

15 13 of a service area of each of wireless LAN networks 
2-1 to 2-n whenever necessary to update. By this means, 
in the wireless communication system according to this 
Embodiment, it is possible to update to the latest 
information due to expansion of the service area of each 

20 of wireless LAN networks 2-1 to 2-n caused by installation 
of a new radio base station, and to reflect in advance 
notification of authentication information. 

As described above, according to the invention, the 
location information of a wireless terminal apparatus 

25 and the service area information of each wireless network 
is managed, and the authentication information is 
beforehand notified to a peripheral wireless network 



before the wireless terminal apparatus moves to the 
wireless network around a current location of the wireless 
terminal apparatus. The authentication time is thus 
shortened in migration inside the same wireless network 
5 or between different wireless networks of the wireless 
terminal apparatus, thereby reducing the interval 
required for .handover, and as a result, quality 
deterioration does not occur such as packet loss due to 
the handover. 

10 According to an aspect of the invention, a 

centralized management authentication apparatus 
performs centralized management of authentication to 
enable a wireless terminal apparatus to perform roaming 
on a plurality of wireless networks each having at least 

15 one radio base station, and adopts a configuration 
provided with an information acquirer that acquires 
service area information of each of the plurality of 
wireless networks and information of a current location 
of the wireless terminal apparatus, an authentication 

20 information notification destination searcher that 
specifies at least one of the wireless networks that 
provides communication services in a peripheral area of 
the current location of the wireless terminal apparatus 
based on the acquired service area information and 

25 information of the current location, and an 
authentication information manager that notifies 
authentication information required for authentication 
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of the wireless terminal apparatus to at least one of 
the wireless networks specified in the authentication 
information notification destination searcher before the 
wireless terminal apparatus moves to the at least one 
5 of the wireless networks. According to this 

configuration, at least one wireless network is specified 
that provides communication services on the periphery 
of the current location of the wireless terminal apparatus 
based on the current location of the wireless terminal 

10 apparatus and the service area information of each of 
wireless networks, and the authentication information 
for use in authentication of the wireless terminal 
apparatus is notified to the specified at least one 
wireless network before the wireless terminal apparatus 

15 moves to the wireless network. The authentication time 
is thus shortened in migration of the wireless terminal 
apparatus inside the same wireless LAN network or 
different wireless LAN networks, thereby reducing the 
interval required for handover, and quality deterioration 

20 does not occur such as packet loss due to the handover. 

According to another aspect of the invention, a 
configuration is adopted in the above-mentioned 
configuration, where among the plurality of wireless 
networks exists a cellular wireless network provided with 

25 the function of managing the location of the wireless 
terminal apparatus, and the authentication information 
notification destination searcher acquires the 



information of the current location of the wireless 
terminal apparatus from the cellular wireless network. 
According to this configuration, the cellular wireless 
network has the function of identifying the current 
5 location of the wireless terminal apparatus based on a 
cellular-area basis, and using the function, the 
authentication information notification desti nation 
searcher is able to acquire the current location of the 
wireless terminal apparatus. 

10 According to another aspect of the invention, a 

configuration is adopted in the above-mentioned 
configuration where the authentication information 
notification destination searcher acquires the service 
area information of each of the wireless networks from 

15 the cellular wireless network. According to this 
configuration, it is possible to acquire the service area 
information of each of wireless networks from the cellular 
wireless network. 

According to another aspect of the invention, a 

20 configuration is adopted in the above-mentioned 
configuration where the authentication information 
manager notifies the wireless network that requests the 
authentication information of the authentication 
information generated by an authentication information 

25 generating apparatus of the cellular wireless network. 
According to this configuration, the wireless network 
is given the authentication information, and thereby able 
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to use the information for authentication in migration 
of the wireless terminal apparatus between service areas 
on the wireless network. It is thus possible to reduce 
the processing time for authentication in migration on 
5 the same wireless network. 

According to another aspect of the invention, a 
configuration is adopted in the above-mentioned 
configuration where a location management apparatus of 
the cellular wireless network manages each of the service 

10 area information and wireless terminal location 
information, and based on each of the service area 
information and wireless terminal location information 
managed by the location management apparatus of the 
cellular wireless network, the authentication 

15 information notification destination searcher specifies 
at least one of the wireless networks that provides 
communication services in a peripheral area of the current 
location of the wireless terminal apparatus. According 
to this configuration, by using the service area 

20 information and wireless terminal location information 
managed by the location management apparatus of the 
cellular wireless network, it is possible to easily 
specify at least one of the wireless networks that provides 
communication services in a peripheral area of the current 

25 location of the wireless terminal apparatus. 

A cellular wireless network of another aspect of 
the invention adopts a configuration provided with the 
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centralized management authentication apparatus having 
the above-mentioned configuration. According to this 
configuration, it is possible to provide a cellular 
wireless network where the authentication time is reduced 
5 in migration of the wireless terminal apparatus inside 
the same wireless LAN network or different wireless LAN 
networks, and quality deterioration does not occur such 
as packet loss due to handover between wireless networks. 

An authentication apparatus of another aspect of 

10 the invention adopts a configuration provided with an 
authentication information holder that holds 
authentication information obtained by making a request 
for authentication information to a centralized 
management authentication apparatus that performs 

15 centralized management of authentication in movement to 
each of a plurality of wireless networks of a wireless 
terminal apparatus, and an authentication performer that 
uses the authentication information held in the 
authentication information holder in authentication of 

20 the wireless terminal apparatus in a service area of a 
movement destination when the wireless terminal apparatus 
moves between service areas of a wireless network to which 
the authentication apparatus belongs . According to this 
configuration, it is possible to use the authentication 

25 information in authentication in a movement destination 
when the wireless terminal apparatus moves between 
service areas of the wireless network by acquiring the 



authentication information from the centralized 
management authentication apparatus, and it is thus 
possible to reduce the processing time required for 
authentication inmigration on the same wireless network. 
5 A wireless terminal apparatus of another aspect of 

the invention adopts a configuration provided with a 
receiver that receives a signal transmitted from a GPS 
( Global Posit ioning System) satellite, a current location 
measure that measures a current location using the signal 

10 received from the GPS satellite, and a current location 
information notifier that notifies a cellular wireless 
network of the current location measured in the current 
location measurer . According to this configuration, the 
cellular wireless network is capable of acquiring 

15 location information with high accuracy, thus decreasing 
the number of wireless networks of notification 
destination of authentication information, and thereby 
reducing processing time to notify the authentication 
information , 

20 A radio base station of another aspect of the 

invention is a radio base station constituting a wireless 
network and adopts a configuration provided with a 
receiver that receives a signal transmitted from a GPS 
( Global Posit ioning System) satellite, a current location 

25 measure that measures a current location using the signal 
received from the GPS satellite, and a current location 
information notifier that notifies a cellular wireless 



network of the current location measured in the current 
location measurer . According to this configuration, the 
cellular wireless network is capable of acquiring 
location information with high accuracy, thus decreasing 
5 the number of wireless networks of authentication 
information notification destination, and thereby 
reducing processing time to notify the authentication 
information . 

A wireless communication system of another aspect 

10 of the invention adopts a configuration provided with 
the cellular wireless network having the above-mentioned 
configuration, the authentication apparatus having the 
above-mentioned configuration, the wireless terminal 
apparatus having the above-mentioned configuration, and 

15 the radio base station having the above-mentioned 
configuration. According to this configuration, it is 
possible to provide a wireless communication system where 
the authentication time is reduced in migration of the 
wireless terminal apparatus inside the same wireless LAN 

20 network or different wireless LAN networks, and quality 
deterioration does not occur such as packet loss due to 
handover between wireless networks. 

An authentication provider unit of another aspect 
of the invention is an authentication provider unit that 

25 manages entire wireless networks, and adopts a 
configuration provided with the centralized management 
authentication apparatus having the above-mentioned 
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configuration. According to this configuration, it is 
possible to provide an authentication provider unit where 
the authentication time is reduced in migration of the 
wireless terminal apparatus inside the same wireless LAN 
5 network or different wireless LAN networks, and quality 
deterioration does not occur such as packet loss due to 
handover between wireless networks. 

An authentication provider unit of another aspect 
of the invention adopts a configuration provided with 

10 the above-mentioned configuration and with a location 
management apparatus that manages the service area 
information of each of a plurality of wireless networks 
and current location information of a wireless terminal 
apparatus, where the location management apparatus 

15 acquires the location information of the wireless 
terminal apparatus from a cellular wireless network that 
performs location management of the wireless terminal 
apparatus. According to this configuration, the 
cellular wireless network has the function of identifying 

20 the current location of the wireless terminal apparatus 
based on a cellular-area basis, and it is possible to 
acquire the current location information of the wireless 
terminal apparatus from the location management apparatus 
that manages the current location information of the 

25 wireless terminal apparatus identified by the function. 
Accordingly, the need is eliminated for having the 
function of acquiring the current location information 
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of the wireless terminal apparatus, and it is possible 
to keep the equipment cost low corresponding to such an 
eliminated need. 

A wireless communication system of another aspect 
5 of the invention adopts a configuration provided with 
the authentication apparatus having the above-mentioned 
configuration, the wireless terminal apparatus having 
the above-mentioned configuration, the radio base station 
having the above-mentioned configuration, and the 

10 authentication provider unit having the above-mentioned 
configuration. According to this configuration, it is 
possible to provide a wireless communication system where 
the time is reduced that is required for authentication 
performed when the wireless terminal apparatus moves 

15 between different wireless networks, and quality 
deterioration does not occur such as packet loss due to 
handover between the wireless networks. 

A wireless terminal authentication method of still 
another aspect of the invention is a wireless terminal 

20 authentication method in a wireless communication system 
comprised of a plurality of wireless networks each having 
at least one radio base station, is of acquiring location 
information of a wireless terminal apparatus and service 
area information of each of the plurality of wireless 

25 networks, identifying at least one of the wireless 
networks that provides communication services in a 
peripheral area of a location where the wireless terminal 
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apparatus exists based on the acquired location 
information of the wireless terminal apparatus and 
service area information of each of the wireless networks, 
and notifying the identified wireless network of 
5 authentication information of the wireless terminal 
apparatus before the wireless terminal apparatus moves 
to the network. According to this method, at least one 
wireless network that provides communication services 
around the current location of the wireless terminal 

10 apparatus is specified based on the location information 
of the wireless terminal apparatus and service area 
information of each of wireless networks, and the 
authentication information for use in authentication of 
the wireless terminal apparatus is notified to the 

15 identified at least one wireless network before the 
wireless terminal apparatus moves to the network. 
Therefore, the authentication time is shortened in 
migration of the wireless terminal apparatus inside the 
same wireless LAN network or different wireless LAN 

20 networks, the interval required for handover is thereby 
reduced, and quality deterioration does not occur such 
as packet loss due to the handover. 

This application is based on the Japanese Patent 
Application No . 2 0 0 3- 0 2 2 0 3 9 filed on January 30, 2003, 

25 entire content of which is expressly incorporated by 
reference herein. 
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Industrial Applicability 

The present invention is useful as a centralized 
management authentication apparatus and wireless 
terminal authentication method which shorten the 
5 authentication time inmigration of the wireless terminal 
apparatus inside the same wireless network or different 
wireless networks, thereby reduce the interval required 
for handover, and as a result, eliminate occurrences of 
quality deterioration such as packet loss due to the 
10 handover. 
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FIG.l FIG. 5 

I CELLULAR WIRELESS NETWORK 

10 CENTRALIZED MANAGEMENT AUTHENTICATION APPARATUS 

II AUTHENTICATION INFORMATION GENERATING APPARATUS 
5 12 USER DATA MANAGEMENT APPARATUS 

13 LOCATION MANAGEMENT APPARATUS 

14 15 RADIO BASE STATION 

20 WIRELESS LAN NETWORK AUTHENTICATION APPARATUS 

21 22 RADIO BASE STATION 

10 30-1 30-2 30-3 30-4 WIRELESS TERMINAL APPARATUS 



FIG . 2 

13 LOCATION MANAGEMENT APPARATUS 

1301 WIRELESS TERMINAL LOCATION MANAGEMENT SECTION 
15 1302 SERVICE AREA MANAGEMENT SECTION 

FIG. 3 

10 CENTRALIZED MANAGEMENT AUTHENTICATION APPARATUS 

101 AUTHENTICATION INFORMATION NOTIFICATION 
20 DESTINATION SEARCH SECTION 

WIRELESS TERMINAL LOCATION INFORMATION 
SERVICE AREA INFORMATION 

102 AUTHENTICATION INFORMATION MANAGEMENT SECTION 
AUTHENTICATION INFORMATION 

25 AUTHENTICATION INFORMATION REQUEST 

103 AUTHENTICATION SECTION 
AUTHENTICATION 
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FIG . 4 

20 AUTHENTICATION APPARATUS 
AUTHENTICATION INFORMATION 
AUTHENTICATION INFORMATION REQUEST 
5 201 AUTHENTICATION INFORMATION MANAGEMENT SECTION 
202 AUTHENTICATION SECTION 
AUTHENTICATION 



FIG . 5 

10 30-1-30-4 WIRELESS TERMINAL APPARATUS 

301 302 RADIO SIGNAL TRANSMISSION/RECEPTION SECTION 
303 AUTHENTICATION SECTION 



FIG . 6 

15 5 CELLULAR WIRELESS NETWORK 

6 AUTHENTICATION PROVIDER UNIT 

11 25 AUTHENTICATION INFORMATION GENERATING APPARATUS 
23 AUTHENTICATION APPARATUS 
2 4 2 6 LOCATION MANAGEMENT APPARATUS 
20 27 USER DATA MANAGEMENT APPARATUS 



FIG. 7 

23 AUTHENTICATION APPARATUS 
AUTHENTICATION INFORMATION 
25 2301 AUTHENTICATION INFORMATION MANAGEMENT SECTION 
2302 AUTHENTICATION SECTION 
AUTHENTICATION 
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FIG. 8 

2 4 LOCATION MANAGEMENT APPARATUS 

2401 WIRELESS TERMINAL LOCATION MANAGEMENT SECTION 
5 FIG. 9 

40 WIRELESS TERMINAL APPARATUS 

302 402 RADIO SIGNAL TRANSM I S S I ON /RECE PT I ON SECTION 

303 AUTHENTICATION SECTION 

401 LOCATION DETECTING SECTION 



